CWE:
 

Title
Date
Author
Med.
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
13.07.2018
Core Security Technolo...


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-05-16
Medium
CVE-2021-42897

Vendor: Feminer wms project
Software: Feminer wms
 

 
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.

 
2022-05-12
High
CVE-2022-29303

Updating...
 

 
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.

 
2022-05-11
Medium
CVE-2022-1510

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.

 
Low
CVE-2022-1428

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.

 
2022-05-10
High
CVE-2022-28915

Updating...
 

 
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.

 
High
CVE-2022-28913

Updating...
 

 
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.

 
High
CVE-2022-28912

Updating...
 

 
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.

 
High
CVE-2022-28911

Updating...
 

 
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.

 
High
CVE-2022-28910

Updating...
 

 
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.

 
High
CVE-2022-28909

Updating...
 

 
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.

 

 


Copyright 2022, cxsecurity.com

 
